I think I am into about 10 years of managing my own web sites, from my blog site here to several image hosting sites. In all of those years, I have never had the problems I experienced over the last year. Starting in January, as some of you may recall, I had this site taken over by representatives of jihadists that turned the site into a promoter of their ideology. Now, over the last several weeks, this site has been the subject of a WordPress wp-login.php brute force attack. According to my web hosting service, “there have now been several large scale WordPress wp-login.php brute force attacks, coming from a large amount of compromised IP addresses spread across the world since April 2013. A large botnet of around 90,000 compromised servers has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.”
What happens from such an event is the attackers run a number generator that pounds the login with random numbers until the login reaches the appropriate number to shut off the login for about 20 minutes. A good number of those who have WordPress sites end up leaving the login name “admin” so the attackers only have to figure out the password. This may be what happened to me in January.
Fortunately for me, I took a lot of additional security measures after regaining control of my web site in January. However, this current attack has required even more defensive measures. One such measure was becoming a subscriber of CloudFlare. As they describe it:
CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.
CloudFlare’s system gets faster and smarter as our community of users grows larger. We have designed the system to scale with our goal in mind: helping power and protect the entire Internet.
CloudFlare can be used by anyone with a website and their own domain, regardless of your choice in platform. From start to finish, setup takes most website owners less than 5 minutes. Adding your website requires only a simple change to your domain’s DNS settings. There is no hardware or software to install or maintain and you do not need to change any of your site’s existing code. If you are ever unhappy you can turn CloudFlare off as easily as you turned it on. Our core service is free and we offer enhanced services for websites who need extra features like real time reporting or SSL.
WordPress’s web site has a good description of this problem and what other remedies one may have for these types of attacks here. The bottom line: in this increasingly complex world, with more and more reliance on the internet, one just has to increase their vigilance. And this vigilance applies to one’s home computer as well, with good passwords and network protections.
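For site owners who want to see this pattern in their own access logs, the following is an added example, not part of the original post or of any tool it mentions. It separates a single noisy address from the many-addresses pattern the hosting service describes, where no one IP makes enough attempts to trip a per-IP lockout. The function names, the thresholds and the sample log lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_posts(lines):
    """Yield (minute, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when.replace(second=0), ip

def summarize(lines, per_ip_limit=5, site_limit=10):
    """Return (minute, kind, detail) alerts; both limits are assumed values."""
    buckets = defaultdict(Counter)
    for minute, ip in login_posts(lines):
        buckets[minute][ip] += 1
    alerts = []
    for minute, ips in sorted(buckets.items()):
        noisy = sorted(ip for ip, n in ips.items() if n >= per_ip_limit)
        if noisy:
            alerts.append((minute, "single-source", noisy))
        elif sum(ips.values()) >= site_limit:
            # No single IP would trip a per-IP lockout, yet the login
            # page is being hit from many addresses at once.
            alerts.append((minute, "distributed", len(ips)))
    return alerts

# Constructed sample: 12 addresses with one attempt each, one address with
# six attempts, an ordinary GET of the login page, and a malformed line.
POST = '%s - - [12/Aug/2013:10:%s +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "-"'
SAMPLE = (
    [POST % ("203.0.113.%d" % i, "15:%02d" % i) for i in range(1, 13)]
    + [POST % ("198.51.100.7", "20:%02d" % s) for s in range(6)]
    + ['192.0.2.10 - - [12/Aug/2013:10:21:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "-"',
       "garbage line"]
)

if __name__ == "__main__":
    for minute, kind, detail in summarize(SAMPLE):
        print(minute.isoformat(), kind, detail)
```

A "distributed" alert is the case where a lockout keyed on the client address does little, which is where a site-wide rate limit or a filtering proxy in front of the login page earns its keep.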
New stock image hosting site:
Over the last number of years I have used PhotoShelter to demonstrate several of my images. I am giving that up and moving to SmugMug and Flickr. Like all things, this takes some work, but I think it will be a productive move. Additionally, look for items for sale on this site in the coming year.